Five minute practical

Open up the command prompt on your computer, and type netstat -an. You should now see the listening and established ports; count them, and write the numbers down. Run the command shutdown /r /t 0 to immediately reboot the machine. Log back in, go to the command prompt, and run netstat -an; what is the difference? You will see that you have lost information that could have been used as evidence:

Volatile evidence summary

Web-based attack

Computer attack

Removable drive

Command line

Capture network traffic

CPU cache then


Volatile memory using RAM


Exam tipCapturing the network traffic is the first step in remote or web-based attacks so that you can identify the course.
  • Chain ...

Get CompTIA Security+ Certification Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.